NETMOD WG                                                  C. Wildes, Ed.
Internet-Draft                                         Cisco Systems Inc.
Intended status: Standards Track                         K. Koushik, Ed.
Expires: September 12, 2017                             Verizon Wireless
                                                          March 13, 2017

              A YANG Data Model for Syslog Configuration
                   draft-ietf-netmod-syslog-model-13

Abstract

   This document describes a data model for the configuration of syslog.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.
   It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 12, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (http://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
     1.2.  Terminology
   2.  Problem Statement
   3.  Design of the Syslog Model
     3.1.  Syslog Module
   4.  Syslog YANG Module
     4.1.  The ietf-syslog Module
   5.  Usage Examples
   6.  Acknowledgements
   7.  IANA Considerations
   8.  Security Considerations
     8.1.  Resource Constraints
     8.2.  Inappropriate Configuration
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  Implementor Guidelines
     Appendix A.1.  Extending Facilities
   Authors' Addresses

1.  Introduction

   Operating systems, processes and applications generate messages
   indicating their own status or the occurrence of events.  These
   messages are useful for managing and/or debugging the network and its
   services.  The BSD syslog protocol is a widely adopted protocol that
   is used for transmission and processing of the messages.

   Since each process, application and operating system was written
   somewhat independently, there is little uniformity to the content of
   syslog messages.  For this reason, no assumption is made about the
   formatting or contents of the messages.  The protocol is simply
   designed to transport these event messages.  No acknowledgement of
   receipt is made.

   Essentially, a syslog process receives messages (from the kernel,
   processes, applications or other syslog processes) and processes
   them.  The processing involves logging to a local file, displaying
   on the console, and/or relaying to syslog processes on other
   machines.  The processing is determined by the "facility" that
   originated the message and the "severity" assigned to the message by
   the facility.

   This document uses the definitions of the syslog protocol from
   RFC 5424 [RFC5424].

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

1.2.  Terminology

   The term "originator" is defined in [RFC5424]: an "originator"
   generates syslog content to be carried in a message.

   The terms "relay" and "collector" are as defined in [RFC5424].

2.  Problem Statement

   This document defines a YANG [RFC6020] configuration data model that
   may be used to configure the syslog feature running on a system.
   YANG models can be used with network management protocols such as
   NETCONF [RFC6241] to install, manipulate, and delete the
   configuration of network devices.

   The data model makes use of the YANG "feature" construct, which
   allows implementations to support only those syslog features that
   lie within their capabilities.

   This module can be used to configure the syslog application
   conceptual layers [RFC5424] as implemented on the target system.

3.  Design of the Syslog Model

   The syslog model was designed by comparing the syslog features
   implemented by various vendors in different implementations.

   This draft addresses the common leafs between implementations and
   creates a common model, which can be augmented with proprietary
   features, if necessary.  This model is designed to be very simple for
   maximum flexibility.

   Optional features are used to specify functionality that is present
   in specific vendor configurations.

   Syslog consists of originators and collectors.  The following
   diagram shows syslog messages flowing from originators to
   collectors, where filtering can take place.

   Many vendors extend the list of facilities available for logging in
   their implementation.  An example is included in Extending Facilities
   (Appendix A.1).
   Originators
     +-------------+ +-------------+ +-------------+ +-------------+
     | Various     | | OS          | |             | | Remote      |
     | Components  | | Kernel      | | Line Cards  | | Servers     |
     +-------------+ +-------------+ +-------------+ +-------------+

     +-------------+ +-------------+ +-------------+ +-------------+
     | SNMP        | | Interface   | | Standby     | | Syslog      |
     | Events      | | Events      | | Supervisor  | | Itself      |
     +-------------+ +-------------+ +-------------+ +-------------+
             |                                               |
             +-----------------------------------------------+
                                      |
                                      |
                                      |
                                      |
                       +--------------+-------------+
                       |              |             |
                       v              v             v
   Collectors
     +----------+   +----------+   +----------------+
     |          |   | Log      |   |Remote Relay(s)/|
     | Console  |   | File(s)  |   |Collector(s)    |
     +----------+   +----------+   +----------------+

                  Figure 1. Syslog Processing Flow

   The leaves in the syslog model "actions" container correspond to each
   message collector:

      console
      log file(s)
      remote relay(s)/collector(s)

   Within each action, a selector is used to filter syslog messages.  A
   selector consists of a list of one or more facility-severity matches,
   and, if supported via the select-match feature, an optional regular
   expression pattern match that is performed on the SYSLOG-MSG
   [RFC5424] field.

   A syslog message is processed if:

      There is an element of facility-list (F, S) where
         the message facility matches F (if it is present)
         and the message severity matches S (if it is present)
      and, if a pattern-match is configured, the message text matches
         the regular expression pattern (the selector grouping in
         Section 4.1 requires both the facility-list and the pattern
         to match when both are specified)

   The facility is one of a specific syslog-facility, or all facilities.

   The severity is one of type syslog-severity, all severities, or none.
   None is a special case that can be used to disable a filter.  When
   filtering severity, the default comparison is that messages of the
   specified severity and higher are selected to be logged.
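   The selector rules above, worked through as an added example (this is
   not code from the draft): a small Python evaluator that parses the PRI
   of RFC 5424 messages, applies a facility-list with the default and
   advanced-compare semantics plus an optional pattern-match, and
   rewrites the facility the way a remote destination's
   facility-override does before forwarding.  The sample messages and the
   selector dicts are constructed here and use the leaf names of the
   model.  Two points the draft leaves open are assumptions of the
   example: entries of an ordered-by-user facility-list are evaluated in
   order and the first one whose facility and severity compare true
   decides (action "log" selects, "block" rejects), and the regular
   expression is evaluated with Python's re module rather than a POSIX
   1003.2 engine.

```python
import re

# RFC 5424 severity codes (lower value = more severe) and facility codes,
# using the names of the syslog-severity enum and syslog-facility identities.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
FACILITY = {name: code for code, name in enumerate([
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "console", "cron2",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6",
    "local7"])}
FACILITY_NAME = {code: name for name, code in FACILITY.items()}

PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(msg):
    """Return (facility name, severity code) from the PRI of an RFC 5424 message."""
    m = PRI_RE.match(msg)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI: %r" % msg[:8])
    pri = int(m.group(1))
    return FACILITY_NAME[pri // 8], pri % 8


def severity_matches(cfg_severity, msg_sev, compare="equals-or-higher"):
    """The severity-filter grouping: 'none' never matches, 'all' always
    matches, otherwise compare using 'equals' or 'equals-or-higher'."""
    if cfg_severity == "none":
        return False
    if cfg_severity == "all":
        return True
    cfg = SEVERITY[cfg_severity]
    if compare == "equals":
        return msg_sev == cfg
    if compare == "equals-or-higher":
        return msg_sev <= cfg  # a higher severity is a lower code
    raise ValueError("unknown compare operation: " + compare)


def selected(selector, msg):
    """Apply one 'selector' (facility-list plus optional pattern-match).

    Assumption: entries are checked in user order and the first one whose
    facility and severity compare true decides; action defaults to 'log'.
    """
    fac, sev = parse_pri(msg)
    decision = False
    for entry in selector.get("facility-list", []):
        if entry["facility"] not in ("all", fac):
            continue
        if not severity_matches(entry["severity"], sev,
                                entry.get("compare", "equals-or-higher")):
            continue
        decision = entry.get("action", "log") == "log"
        break
    if not decision:
        return False
    # If both facility-list and pattern-match are given, both must match.
    # The match is on the whole SYSLOG-MSG; Python re stands in for POSIX.
    pattern = selector.get("pattern-match")
    return pattern is None or re.search(pattern, msg) is not None


def apply_facility_override(msg, facility):
    """Rewrite the PRI with a destination's facility-override, keeping the
    original severity (what a remote action does before forwarding)."""
    _, sev = parse_pri(msg)
    return PRI_RE.sub("<%d>" % (FACILITY[facility] * 8 + sev), msg, count=1)


# Constructed sample messages in RFC 5424 format (not from the draft).
AUTH_ERR = "<35>1 2017-03-13T10:00:00Z host sshd 1234 - - Failed password for root"
AUTH_INFO = "<38>1 2017-03-13T10:00:01Z host sshd 1234 - - Accepted publickey for ops"
KERN_CRIT = "<2>1 2017-03-13T10:00:02Z host kernel - - - Out of memory: killed pid 99"
LOCAL0_DBG = "<135>1 2017-03-13T10:00:03Z host app 42 - - debug trace"

# Selectors written with the leaf names of the model's selector grouping.
CONSOLE_SELECTOR = {"facility-list": [{"facility": "all", "severity": "critical"}]}
REMOTE_SELECTOR = {"facility-list": [{"facility": "auth", "severity": "error"}]}
BLOCK_NOISE = {"facility-list": [
    {"facility": "auth", "severity": "info", "compare": "equals", "action": "block"},
    {"facility": "auth", "severity": "all"}]}
PATTERN_ONLY = {"facility-list": [{"facility": "all", "severity": "all"}],
                "pattern-match": r"Failed password"}

if __name__ == "__main__":
    for name, sel in [("console", CONSOLE_SELECTOR), ("remote1", REMOTE_SELECTOR),
                      ("block-noise", BLOCK_NOISE), ("pattern", PATTERN_ONLY)]:
        hits = [parse_pri(m) for m in (AUTH_ERR, AUTH_INFO, KERN_CRIT, LOCAL0_DBG)
                if selected(sel, m)]
        print("%-12s selects %s" % (name, hits))
    print(apply_facility_override(AUTH_ERR, "local7")[:6])
```

   CONSOLE_SELECTOR and REMOTE_SELECTOR are the two configurations of
   the usage examples in Section 5; note that with the default
   equals-or-higher comparison an "error" message is not selected by a
   "critical" filter, while BLOCK_NOISE shows how an advanced-compare
   entry with action "block" drops one severity before a catch-all entry.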
   The default is shown in the model as "default equals-or-higher".
   This behavior can be altered if the select-adv-compare feature is
   enabled to specify a compare operation and an action.  Compare
   operations are: "equals" to select messages with this single
   severity, or "equals-or-higher" to select messages of the specified
   severity and higher.  Actions are used to log the message or block
   the message from being logged.

3.1.  Syslog Module

   A simplified graphical representation of the data model is used in
   this document.  The meaning of the symbols in these diagrams is
   defined in [RFC6087].

   module: ietf-syslog
      +--rw syslog!
         +--rw actions
            +--rw console! {console-action}?
            |  +--rw selector
            |     +--rw facility-list* [facility severity]
            |     |  +--rw facility    union
            |     |  +--rw severity    union
            |     |  +--rw advanced-compare {select-adv-compare}?
            |     |     +--rw compare?   enumeration
            |     |     +--rw action?    enumeration
            |     +--rw pattern-match?   string {select-match}?
            +--rw file {file-action}?
            |  +--rw log-file* [name]
            |     +--rw name               inet:uri
            |     +--rw selector
            |     |  +--rw facility-list* [facility severity]
            |     |  |  +--rw facility    union
            |     |  |  +--rw severity    union
            |     |  |  +--rw advanced-compare {select-adv-compare}?
            |     |  |     +--rw compare?   enumeration
            |     |  |     +--rw action?    enumeration
            |     |  +--rw pattern-match?   string {select-match}?
            |     +--rw structured-data?   boolean {structured-data}?
            |     +--rw file-rotation
            |        +--rw number-of-files?   uint32 {file-limit-size}?
            |        +--rw max-file-size?     uint32 {file-limit-size}?
            |        +--rw rollover?          uint32 {file-limit-duration}?
            |        +--rw retention?         uint32 {file-limit-duration}?
            +--rw remote {remote-action}?
               +--rw destination* [name]
                  +--rw name                 string
                  +--rw (transport)
                  |  +--:(tcp)
                  |  |  +--rw tcp
                  |  |     +--rw address?   inet:host
                  |  |     +--rw port?      inet:port-number
                  |  +--:(udp)
                  |     +--rw udp
                  |        +--rw address?   inet:host
                  |        +--rw port?      inet:port-number
                  +--rw selector
                  |  +--rw facility-list* [facility severity]
                  |  |  +--rw facility    union
                  |  |  +--rw severity    union
                  |  |  +--rw advanced-compare {select-adv-compare}?
                  |  |     +--rw compare?   enumeration
                  |  |     +--rw action?    enumeration
                  |  +--rw pattern-match?   string {select-match}?
                  +--rw structured-data?     boolean {structured-data}?
                  +--rw facility-override?   identityref
                  +--rw source-interface?    if:interface-ref {remote-source-interface}?
                  +--rw signing-options! {signed-messages}?
                     +--rw cert-initial-repeat   uint16
                     +--rw cert-resend-delay     uint16
                     +--rw cert-resend-count     uint16
                     +--rw sig-max-delay         uint16
                     +--rw sig-number-resends    uint16
                     +--rw sig-resend-delay      uint16
                     +--rw sig-resend-count      uint16

                   Figure 2. ietf-syslog Module Tree

4.  Syslog YANG Module

4.1.  The ietf-syslog Module

   This module imports typedefs from [RFC6021] and [RFC7223], and it
   references [RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848].

   <CODE BEGINS> file "ietf-syslog.yang"
   module ietf-syslog {
     namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
     prefix syslog;

     import ietf-inet-types {
       prefix inet;
     }

     import ietf-interfaces {
       prefix if;
     }

     organization "IETF NETMOD (NETCONF Data Modeling Language)
                   Working Group";
     contact
       "WG Web:
        WG List:

        Editor:   Kiran Agrahara Sreenivasa

        Editor:   Clyde Wildes";
     description
       "This module contains a collection of YANG definitions
        for syslog configuration.

        Copyright (c) 2016 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.
        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
        'OPTIONAL' in the module text are to be interpreted as described
        in RFC 2119 (http://tools.ietf.org/html/rfc2119).

        This version of this YANG module is part of RFC XXXX
        (http://tools.ietf.org/html/rfcXXXX); see the RFC itself for
        full legal notices.";

     reference
       "RFC 5424: The Syslog Protocol
        RFC 5426: Transmission of Syslog Messages over UDP
        RFC 6587: Transmission of Syslog Messages over TCP
        RFC 5848: Signed Syslog Messages";

     revision 2017-03-13 {
       description
         "Initial Revision";
       reference
         "RFC XXXX: Syslog YANG Model";
     }

     feature console-action {
       description
         "This feature indicates that the local console action is
          supported.";
     }

     feature file-action {
       description
         "This feature indicates that the local file action is
          supported.";
     }

     feature file-limit-size {
       description
         "This feature indicates that file logging resources
          are managed using size and number limits.";
     }

     feature file-limit-duration {
       description
         "This feature indicates that file logging resources
          are managed using time based limits.";
     }

     feature remote-action {
       description
         "This feature indicates that the remote server action is
          supported.";
     }

     feature remote-source-interface {
       description
         "This feature indicates that source-interface is supported
          for the remote-action.";
     }

     feature select-adv-compare {
       description
         "This feature represents the ability to select messages
          using the additional comparison operators when comparing
          the syslog message severity.";
     }

     feature select-match {
       description
         "This feature represents the ability to select messages based
          on a Posix 1003.2 regular expression pattern match.";
     }

     feature structured-data {
       description
         "This feature represents the ability to log messages
          in structured-data format as per RFC 5424.";
     }

     feature signed-messages {
       description
         "This feature represents the ability to configure signed
          syslog messages according to RFC 5848.";
     }

     typedef syslog-severity {
       type enumeration {
         enum "emergency" {
           value 0;
           description
             "The severity level 'Emergency' indicating that the system
              is unusable.";
         }
         enum "alert" {
           value 1;
           description
             "The severity level 'Alert' indicating that an action must be
              taken immediately.";
         }
         enum "critical" {
           value 2;
           description
             "The severity level 'Critical' indicating a critical condition.";
         }
         enum "error" {
           value 3;
           description
             "The severity level 'Error' indicating an error condition.";
         }
         enum "warning" {
           value 4;
           description
             "The severity level 'Warning' indicating a warning condition.";
         }
         enum "notice" {
           value 5;
           description
             "The severity level 'Notice' indicating a normal but significant
              condition.";
         }
         enum "info" {
           value 6;
           description
             "The severity level 'Info' indicating an informational message.";
         }
         enum "debug" {
           value 7;
           description
             "The severity level 'Debug' indicating a debug-level message.";
         }
       }
       description
         "The definitions for Syslog message severity as per RFC 5424.";
     }

     identity syslog-facility {
       description
         "This identity is used as a base for all syslog facilities as
          per RFC 5424.";
     }

     identity kern {
       base syslog-facility;
       description
         "The facility for kernel messages (0) as defined in RFC 5424.";
     }

     identity user {
       base syslog-facility;
       description
         "The facility for user-level messages (1) as defined in RFC 5424.";
     }

     identity mail {
       base syslog-facility;
       description
         "The facility for the mail system (2) as defined in RFC 5424.";
     }

     identity daemon {
       base syslog-facility;
       description
         "The facility for the system daemons (3) as defined in RFC 5424.";
     }

     identity auth {
       base syslog-facility;
       description
         "The facility for security/authorization messages (4) as defined
          in RFC 5424.";
     }

     identity syslog {
       base syslog-facility;
       description
         "The facility for messages generated internally by syslogd
          facility (5) as defined in RFC 5424.";
     }

     identity lpr {
       base syslog-facility;
       description
         "The facility for the line printer subsystem (6) as defined in
          RFC 5424.";
     }

     identity news {
       base syslog-facility;
       description
         "The facility for the network news subsystem (7) as defined in
          RFC 5424.";
     }

     identity uucp {
       base syslog-facility;
       description
         "The facility for the UUCP subsystem (8) as defined in RFC 5424.";
     }

     identity cron {
       base syslog-facility;
       description
         "The facility for the clock daemon (9) as defined in RFC 5424.";
     }

     identity authpriv {
       base syslog-facility;
       description
         "The facility for privileged security/authorization messages (10)
          as defined in RFC 5424.";
     }

     identity ftp {
       base syslog-facility;
       description
         "The facility for the FTP daemon (11) as defined in RFC 5424.";
     }

     identity ntp {
       base syslog-facility;
       description
         "The facility for the NTP subsystem (12) as defined in RFC 5424.";
     }

     identity audit {
       base syslog-facility;
       description
         "The facility for log audit messages (13) as defined in RFC 5424.";
     }

     identity console {
       base syslog-facility;
       description
         "The facility for log alert messages (14) as defined in RFC 5424.";
     }

     identity cron2 {
       base syslog-facility;
       description
         "The facility for the second clock daemon (15) as defined in
          RFC 5424.";
     }

     identity local0 {
       base syslog-facility;
       description
         "The facility for local use 0 messages (16) as defined in
          RFC 5424.";
     }

     identity local1 {
       base syslog-facility;
       description
         "The facility for local use 1 messages (17) as defined in
          RFC 5424.";
     }

     identity local2 {
       base syslog-facility;
       description
         "The facility for local use 2 messages (18) as defined in
          RFC 5424.";
     }

     identity local3 {
       base syslog-facility;
       description
         "The facility for local use 3 messages (19) as defined in
          RFC 5424.";
     }

     identity local4 {
       base syslog-facility;
       description
         "The facility for local use 4 messages (20) as defined in
          RFC 5424.";
     }

     identity local5 {
       base syslog-facility;
       description
         "The facility for local use 5 messages (21) as defined in
          RFC 5424.";
     }

     identity local6 {
       base syslog-facility;
       description
         "The facility for local use 6 messages (22) as defined in
          RFC 5424.";
     }

     identity local7 {
       base syslog-facility;
       description
         "The facility for local use 7 messages (23) as defined in
          RFC 5424.";
     }

     grouping severity-filter {
       description
         "This grouping defines the processing used to select
          log messages by comparing syslog message severity using
          the following processing rules:
          - if 'none', do not match.
          - if 'all', match.
          - else compare message severity with the specified severity
            according to the default compare rule (all messages of the
            specified severity and greater match) or, if the
            select-adv-compare feature is present, the advanced-compare
            rule.";
       leaf severity {
         type union {
           type syslog-severity;
           type enumeration {
             enum none {
               value -2;
               description
                 "This enum describes the case where no severities
                  are selected.";
             }
             enum all {
               value -1;
               description
                 "This enum describes the case where all severities
                  are selected.";
             }
           }
         }
         mandatory true;
         description
           "This leaf specifies the syslog message severity.";
       }
       container advanced-compare {
         when '../severity != "all" and
               ../severity != "none"' {
           description
             "The advanced compare container is not applicable for severity
              'all' or severity 'none'";
         }
         if-feature select-adv-compare;
         leaf compare {
           type enumeration {
             enum equals {
               description
                 "This enum specifies that the severity comparison operation
                  will be equals.";
             }
             enum equals-or-higher {
               description
                 "This enum specifies that the severity comparison operation
                  will be equals or higher.";
             }
           }
           default equals-or-higher;
           description
             "The compare can be used to specify the comparison operator that
              should be used to compare the syslog message severity with the
              specified severity.";
         }
         leaf action {
           type enumeration {
             enum log {
               description
                 "This enum specifies that if the compare operation is true
                  the message will be logged.";
             }
             enum block {
               description
                 "This enum specifies that if the compare operation is true
                  the message will not be logged.";
             }
           }
           default log;
           description
             "The action can be used to specify if the message should be
              logged or blocked based on the outcome of the compare operation.";
         }
         description
           "This container describes additional severity compare operations
            that can be used in place of the default severity comparison.
            The compare leaf specifies the type of the compare that is done
            and the action leaf specifies the intended result.  Example:
            compare->equals and action->block means messages whose severity
            equals the specified severity will not be logged.";
       }
     }

     grouping selector {
       description
         "This grouping defines a syslog selector which is used to
          select log messages for the log-action (console, file,
          remote, etc.).  Choose one or both of the following:
            facility [<facility> <severity>...]
            pattern-match regular-expression-match-string

          If both facility and pattern-match are specified, both must
          match in order for a log message to be selected.";
       container selector {
         description
           "This container describes the log selector parameters
            for syslog.";
         list facility-list {
           key "facility severity";
           ordered-by user;
           description
             "This list describes a collection of syslog
              facilities and severities.";
           leaf facility {
             type union {
               type identityref {
                 base syslog-facility;
               }
               type enumeration {
                 enum all {
                   description
                     "This enum describes the case where all
                      facilities are requested.";
                 }
               }
             }
             description
               "The leaf uniquely identifies a syslog facility.";
           }
           uses severity-filter;
         }
         leaf pattern-match {
           if-feature select-match;
           type string;
           description
             "This leaf describes a Posix 1003.2 regular expression
              string that can be used to select a syslog message for
              logging.
              The match is performed on the RFC 5424
              SYSLOG-MSG field.";
         }
       }
     }

     grouping structured-data {
       description
         "This grouping defines the syslog structured data option
          which is used to select the format used to write log
          messages.";
       leaf structured-data {
         if-feature structured-data;
         type boolean;
         default false;
         description
           "This leaf describes how log messages are written.
            If true, messages will be written with one or more
            STRUCTURED-DATA elements as per RFC5424; if false,
            messages will be written with STRUCTURED-DATA =
            NILVALUE.";
       }
     }

     container syslog {
       presence "Enables logging.";
       description
         "This container describes the configuration parameters for
          syslog.";
       container actions {
         description
           "This container describes the log-action parameters
            for syslog.";
         container console {
           if-feature console-action;
           presence "Enables logging to the console";
           description
             "This container describes the configuration parameters for
              console logging.";
           uses selector;
         }
         container file {
           if-feature file-action;
           description
             "This container describes the configuration parameters for
              file logging.  If file-rotation limits are not supplied, it
              is assumed that the local implementation defined limits will
              be used.";
           list log-file {
             key "name";
             description
               "This list describes a collection of local logging
                files.";
             leaf name {
               type inet:uri {
                 pattern 'file:.*';
               }
               description
                 "This leaf specifies the name of the log file which
                  MUST use the uri scheme file:.";
             }
             uses selector;
             uses structured-data;
             container file-rotation {
               description
                 "This container describes the configuration
                  parameters for log file rotation.";
               leaf number-of-files {
                 if-feature file-limit-size;
                 type uint32;
                 default 1;
                 description
                   "This leaf specifies the maximum number of log
                    files retained.  Specify 1 for implementations
                    that only support one log file.";
               }
               leaf max-file-size {
                 if-feature file-limit-size;
                 type uint32;
                 units "megabytes";
                 description
                   "This leaf specifies the maximum log file size.";
               }
               leaf rollover {
                 if-feature file-limit-duration;
                 type uint32;
                 units "minutes";
                 description
                   "This leaf specifies the length of time that log
                    events should be written to a specific log file.
                    Log events that arrive after the rollover period
                    cause the current log file to be closed and a new
                    log file to be opened.";
               }
               leaf retention {
                 if-feature file-limit-duration;
                 type uint32;
                 units "hours";
                 description
                   "This leaf specifies the length of time that
                    completed/closed log event files should be stored
                    in the file system before they are deleted.";
               }
             }
           }
         }
         container remote {
           if-feature remote-action;
           description
             "This container describes the configuration parameters for
              forwarding syslog messages to remote relays or collectors.";
           list destination {
             key "name";
             description
               "This list describes a collection of remote logging
                destinations.";
             leaf name {
               type string;
               description
                 "An arbitrary name for the endpoint to connect to.";
             }
             choice transport {
               mandatory true;
               description
                 "This choice describes the transport option.";
               case tcp {
                 container tcp {
                   description
                     "This container describes the TCP transport
                      options.";
                   reference
                     "RFC 6587: Transmission of Syslog Messages over TCP";
                   leaf address {
                     type inet:host;
                     description
                       "The leaf uniquely specifies the address of
                        the remote host.  One of the following must
                        be specified: an ipv4 address, an ipv6
                        address, or a host name.";
                   }
                   leaf port {
                     type inet:port-number;
                     default 514;
                     description
                       "This leaf specifies the port number used to
                        deliver messages to the remote server.";
                   }
                 }
               }
               case udp {
                 container udp {
                   description
                     "This container describes the UDP transport
                      options.";
                   reference
                     "RFC 5426: Transmission of Syslog Messages over UDP";
                   leaf address {
                     type inet:host;
                     description
                       "The leaf uniquely specifies the address of
                        the remote host.  One of the following must be
                        specified: an ipv4 address, an ipv6 address,
                        or a host name.";
                   }
                   leaf port {
                     type inet:port-number;
                     default 514;
                     description
                       "This leaf specifies the port number used to
                        deliver messages to the remote server.";
                   }
                 }
               }
             }
             uses selector;
             uses structured-data;
             leaf facility-override {
               type identityref {
                 base syslog-facility;
               }
               description
                 "If specified, this leaf specifies the facility used
                  to override the facility in messages delivered to the
                  remote server.";
             }
             leaf source-interface {
               if-feature remote-source-interface;
               type if:interface-ref;
               description
                 "This leaf sets the source interface to be used to send
                  messages to the remote syslog server.  If not set,
                  messages sent to a remote syslog server will
                  contain the IP address of the interface the syslog
                  message uses to exit the network element.";
             }
             container signing-options {
               if-feature signed-messages;
               presence
                 "If present, syslog-signing options is activated.";
               description
                 "This container describes the configuration
                  parameters for signed syslog messages as described
                  by RFC 5848.";
               reference
                 "RFC 5848: Signed Syslog Messages";
               leaf cert-initial-repeat {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the number of times each
                    Certificate Block should be sent before the first
                    message is sent.";
               }
               leaf cert-resend-delay {
                 type uint16;
                 units "seconds";
                 mandatory true;
                 description
                   "This leaf specifies the maximum time delay in
                    seconds until resending the Certificate Block.";
               }
               leaf cert-resend-count {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the maximum number of other
                    syslog messages to send until resending the
                    Certificate Block.";
               }
               leaf sig-max-delay {
                 type uint16;
                 units "seconds";
981 mandatory true; 982 description 983 "This leaf specifies when to generate a new 984 Signature Block. If this many seconds have 985 elapsed since the message with the first message 986 number of the Signature Block was sent, a new 987 Signature Block should be generated."; 988 } 989 leaf sig-number-resends { 990 type uint16; 991 mandatory true; 992 description 993 "This leaf specifies the number of times a 994 Signature Block is resent. (It is recommended to 995 select a value of greater than 0 in particular 996 when the UDP transport [RFC5426] is used.)."; 997 } 998 leaf sig-resend-delay { 999 type uint16; 1000 units "seconds"; 1001 mandatory true; 1002 description 1003 "This leaf specifies when to send the next 1004 Signature Block transmission based on time. If 1005 this many seconds have elapsed since the previous 1006 sending of this Signature Block, resend it."; 1007 } 1008 leaf sig-resend-count { 1009 type uint16; 1010 mandatory true; 1011 description 1012 "This leaf specifies when to send the next 1013 Signature Block transmission based on a count. 1014 If this many other syslog messages have been sent 1015 since the previous sending of this Signature 1016 Block, resend it."; 1017 } 1018 } 1019 } 1020 } 1021 } 1022 } 1023 } 1024 1026 Figure 3. ietf-syslog Module 1028 5. Usage Examples 1029 Requirement: 1030 Enable console logging of syslogs of severity critical 1032 Here is the example syslog configuration xml: 1033 1034 1036 1037 1038 1039 1040 all 1041 critical 1042 1043 1044 1045 1046 1047 1049 Enable remote logging of syslogs to udp destination 2001:db8:a0b:12f0::1 1050 for facility auth, severity error 1052 1053 1055 1056 1057 1058 remote1 1059 1060
2001:db8:a0b:12f0::1
1061
1062 1063 1064 auth 1065 error 1066 1067 1068
1069
1070
1071
1072
                     Figure 4. ietf-syslog Examples

6.  Acknowledgements

   The authors wish to thank the following who commented on this
   proposal:

      Andy Bierman
      Martin Bjorklund
      Alex Campbell
      Alex Clemm
      Jim Gibson
      Jeffrey Haas
      John Heasley
      Giles Heron
      Lisa Huang
      Mahesh Jethanandani
      Jeffrey K Lange
      Jan Lindblad
      Chris Lonvick
      Tom Petch
      Juergen Schoenwaelder
      Phil Shafer
      Jason Sterne
      Peter Van Horne
      Kent Watsen
      Bert Wijnen
      Dale R Worley
      Aleksandr Zhdankin

7.  IANA Considerations

   This document registers one URI in the IETF XML registry [RFC3688].
   Following the format in RFC 3688, the following registration is
   requested to be made:

      URI: urn:ietf:params:xml:ns:yang:ietf-syslog

      Registrant Contact: The IESG.

      XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the YANG Module Names
   registry [RFC6020].

      name:      ietf-syslog
      namespace: urn:ietf:params:xml:ns:yang:ietf-syslog
      prefix:    ietf-syslog
      reference: RFC XXXX

8.  Security Considerations

   The YANG module defined in this memo is designed to be accessed via
   the NETCONF protocol [RFC6241].  The lowest NETCONF layer is the
   secure transport layer and the mandatory-to-implement secure
   transport is SSH [RFC6242].  The NETCONF access control model
   [RFC6536] provides the means to restrict access for particular
   NETCONF users to a pre-configured subset of all available NETCONF
   protocol operations and content.

   There are a number of data nodes defined in the YANG module which are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., <edit-config>)
   to these data nodes without proper protection can have a negative
   effect on network operations.

8.1.  Resource Constraints

   Network administrators must take the time to estimate the memory
   consumed by the configuration of actions/buffer, and use
   buffer-limit-bytes and/or buffer-limit-messages where necessary to
   limit the amount of memory used.

   Network administrators must take the time to estimate the storage
   capacity consumed by the configuration of actions/file, and use the
   file-archive attributes to limit the storage used.

   It is the responsibility of the network administrator to ensure that
   the configured message flow does not overwhelm system resources.

8.2.  Inappropriate Configuration

   It is the responsibility of the network administrator to ensure that
   the messages are actually going to the intended recipients.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5424]  Gerhards, R., "The Syslog Protocol", RFC 5424,
              DOI 10.17487/RFC5424, March 2009.

   [RFC5426]  Okmianski, A., "Transmission of Syslog Messages over UDP",
              RFC 5426, DOI 10.17487/RFC5426, March 2009.

   [RFC5848]  Kelsey, J., Callas, J., and A. Clemm, "Signed Syslog
              Messages", RFC 5848, DOI 10.17487/RFC5848, May 2010.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6021]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6021, DOI 10.17487/RFC6021, October 2010.

   [RFC6587]  Gerhards, R. and C. Lonvick, "Transmission of Syslog
              Messages over TCP", RFC 6587, DOI 10.17487/RFC6587,
              April 2012.

   [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 7223, DOI 10.17487/RFC7223, May 2014.

9.2.  Informative References

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

Appendix A.  Implementor Guidelines

Appendix A.1.  Extending Facilities

   Many vendors extend the list of facilities available for logging in
   their implementation.  Additional facilities may not interoperate
   with the syslog protocol as defined in [RFC5424]; such facilities
   therefore apply to local syslog-like logging functionality.

   The following is an example that shows how additional facilities
   could be added to the list of available facilities (in this example
   two facilities are added):

   module vendor-syslog-types-example {
     namespace "urn:vendor:params:xml:ns:yang:vendor-syslog-types";
     prefix vendor-syslogtypes;

     import ietf-syslog {
       prefix syslogtypes;
     }

     organization "Example, Inc.";
     contact
       "Example, Inc.
        Customer Service

        E-mail: syslog-yang@example.com";

     description
       "This module contains a collection of vendor-specific YANG type
        definitions for SYSLOG.";

     revision 2017-03-13 {
       description
         "Version 1.0";
       reference
         "Vendor SYSLOG Types: SYSLOG YANG Model";
     }

     identity vendor_specific_type_1 {
       base syslogtypes:syslog-facility;
     }

     identity vendor_specific_type_2 {
       base syslogtypes:syslog-facility;
     }
   }

Authors' Addresses

   Clyde Wildes, editor
   Cisco Systems Inc.
   170 West Tasman Drive
   San Jose, CA 95134
   US

   Phone: +1 408 527-2672
   Email: cwildes@cisco.com

   Kiran Koushik, editor
   Verizon Wireless
   500 W Dove Rd.
   Southlake, TX 76092
   US

   Phone: +1 512 650-0210
   Email: kirankoushik.agraharasreenivasa@verizonwireless.com
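   The signing-options container in Figure 3 configures an RFC 5848
   signer through seven mandatory uint16 leaves whose descriptions
   state trigger rules: a new Signature Block once sig-max-delay
   seconds have passed since the first message it covers, resends of
   that block by sig-resend-delay or sig-resend-count up to
   sig-number-resends times, and Certificate Block repeats by
   cert-initial-repeat with resends by cert-resend-delay or
   cert-resend-count.  The following Python simulation is an added
   example, not code from this draft or from any syslog
   implementation; it encodes those rules so an operator can see how
   a given configuration behaves and checks the uint16 range the
   leaves require.  The class names, the scenario timings and the
   parameter values are constructed for illustration.

```python
"""Simulate how ietf-syslog signing-options leaves drive an RFC 5848 signer.

Added example (not from the draft). Scenario values are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional

UINT16_MAX = 65535  # YANG uint16 range is 0..65535


@dataclass(frozen=True)
class SigningOptions:
    """The seven leaves of container signing-options.

    Every leaf is 'mandatory true' in the module, so none has a default here:
    a configuration that omits one cannot be constructed.
    """
    cert_initial_repeat: int  # Certificate Block sends before the first message
    cert_resend_delay: int    # seconds until the Certificate Block is resent
    cert_resend_count: int    # other messages until the Certificate Block is resent
    sig_max_delay: int        # seconds since a block's first message -> new Signature Block
    sig_number_resends: int   # how many times each Signature Block is resent
    sig_resend_delay: int     # seconds between resends of one Signature Block
    sig_resend_count: int     # other messages between resends of one Signature Block

    def validate(self) -> List[str]:
        """Return the names of leaves outside the uint16 range (empty when valid)."""
        return [name for name, value in vars(self).items()
                if not 0 <= value <= UINT16_MAX]


@dataclass
class SignerSchedule:
    """Decide, per message or per clock tick, which control blocks to emit."""
    opts: SigningOptions
    log: List[str] = field(default_factory=list)   # "CERT", "MSG", "SIG", "SIG-RESEND"
    cert_last_sent: Optional[float] = None
    msgs_since_cert: int = 0
    block_first_msg: Optional[float] = None  # first message not yet covered by a Signature Block
    sig_last_sent: Optional[float] = None
    sig_resends: int = 0
    msgs_since_sig: int = 0

    def start(self, now: float) -> None:
        """cert-initial-repeat: send the Certificate Block before any message."""
        self.log.extend(["CERT"] * self.opts.cert_initial_repeat)
        self.cert_last_sent, self.msgs_since_cert = now, 0

    def on_message(self, now: float) -> None:
        """Account for one ordinary syslog message, then re-evaluate the triggers."""
        self.log.append("MSG")
        if self.block_first_msg is None:
            self.block_first_msg = now
        self.msgs_since_cert += 1
        self.msgs_since_sig += 1
        self.advance(now)

    def advance(self, now: float) -> None:
        """Evaluate the time- and count-based triggers at time `now`."""
        o = self.opts
        if self.block_first_msg is not None and now - self.block_first_msg >= o.sig_max_delay:
            # sig-max-delay: the open block is old enough, sign and send it.
            self.log.append("SIG")
            self.sig_last_sent, self.sig_resends, self.msgs_since_sig = now, 0, 0
            self.block_first_msg = None
        elif (self.sig_last_sent is not None and self.sig_resends < o.sig_number_resends
              and (now - self.sig_last_sent >= o.sig_resend_delay
                   or self.msgs_since_sig >= o.sig_resend_count)):
            # sig-resend-delay / sig-resend-count, bounded by sig-number-resends.
            self.log.append("SIG-RESEND")
            self.sig_last_sent, self.msgs_since_sig = now, 0
            self.sig_resends += 1
        if self.cert_last_sent is not None and (
                now - self.cert_last_sent >= o.cert_resend_delay
                or self.msgs_since_cert >= o.cert_resend_count):
            # cert-resend-delay / cert-resend-count: re-announce the certificate.
            self.log.append("CERT")
            self.cert_last_sent, self.msgs_since_cert = now, 0


def run_demo() -> List[str]:
    """Constructed scenario with short delays so every trigger fires within a minute."""
    opts = SigningOptions(cert_initial_repeat=2, cert_resend_delay=60,
                          cert_resend_count=100, sig_max_delay=5,
                          sig_number_resends=1, sig_resend_delay=10,
                          sig_resend_count=3)
    assert not opts.validate()
    s = SignerSchedule(opts)
    s.start(0)
    for t in (1, 2):
        s.on_message(t)
    s.advance(6)             # 5 s since the message at t=1 -> new Signature Block
    for t in (7, 8, 9, 10):
        s.on_message(t)      # third message after that block -> count-based resend
    s.advance(12)            # 5 s since the message at t=7 -> next Signature Block
    s.advance(22)            # 10 s since it was sent -> time-based resend
    s.advance(40)            # sig-number-resends exhausted: nothing to send
    s.advance(60)            # cert-resend-delay reached -> Certificate Block again
    return s.log


if __name__ == "__main__":
    print(" ".join(run_demo()))
```

   The operational point the simulation makes visible is that the two
   count leaves are counted in other syslog messages, not seconds or
   bytes, and that sig-number-resends caps the resends regardless of
   how much time passes; over UDP a value of 0 means a lost Signature
   Block is never repaired, which is why the module recommends a value
   greater than 0 there.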